System integrating an identity selector and user-portable device and method of use in a user-centric identity management system
Abstract
A combination includes a user-portable computing device, and an identity selector adapted for interoperable use with the user device. The user computing device includes a security token service that issues security tokens in reference to a portfolio of user identities stored as information cards on the user device. The issuance of security tokens employs user attribute information that is stored onboard the user device. The identity selector exports the information cards from the user device and determines which user identity satisfies a security policy promulgated by a relying party as part of an authentication process within the context of an online interaction. The identity selector generates a token request based on one of the eligible user identities, and forwards the token request to the user device to invoke the token issuance operation. The identity selector presents the issued security token to the relying party to comply with the security policy.
20 Claims
1. A method, comprising:
a host computing system determining whether any user identity among at least one of first user identities of a user satisfies identity requirements of the user;
the host computing system generating a token request with respect to a selective one of any user identity determined to satisfy the identity requirements;
the host computing system communicating the token request to a user computing device;
the user computing device issuing a security token according to the token request; and
the user computing device communicating the security token to the host computing system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system, comprising:
a user computing device, wherein the user computing device:
comprises at least one storage including a plurality of first user identities for a user and at least one user attribute, and
is programmed to generate a security token in accordance with a token request in reference to a first user identity; and
an identity manager system, wherein the identity manager system is programmed to:
manage communications between the identity manager system and the user computing device, and
generate the token request.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A non-transitory computer-readable medium having computer-executable instructions for execution by a processor, that, when executed, cause the processor to:
determine whether any user identity among at least one of first user identities of a user satisfies identity requirements of the user;
generate a token request with respect to one of any user identity of the user determined to satisfy the identity requirements;
direct the token request to the user computing device; and
receive from the user computing device the security token issued according to the token request.
Dependent claims: 18, 19, 20
Specification